Senior Information Systems Security Manager (ISSM)

About The Position

Requirements

• U.S. Citizenship.
• Bachelor's Degree in Computer Science or a related field.
• 7+ years in cybersecurity/information assurance, with at least 5 years in a hands-on ISSM role.
• Must have an Active current Secret clearance, with SAP eligibility, and the ability to upgrade to Top Secret.
• Experience leading a DoD system through the full RMF lifecycle to successfully achieve an ATO.
• Expert-level knowledge of RMF, NIST SP 800-53, and DISA STIGs.
• Demonstrable, in-depth experience implementing and validating NIST SP 800-53 controls and reporting findings, artifacts, and other supporting documentation in eMASS.
• Must meet DoD 8140 IASAE Level II or III requirements.
• Proficiency with security tools such as ACAS/Nessus, SCAP Compliance Checker (SCC), and log aggregate tools.
• Strong technical understanding of operating systems (Windows/Linux), networking concepts, and virtualization.
• Experience with managing Communication Security (COMSEC) material.
• Demonstrated experience with managing data spillages and incident response measures.

Nice To Haves

• An active Top Secret clearance, with SAP eligibility.
• Master’s Degree in Computer Science or a related field.
• Experience conducting authorizations under JSIG.
• Direct experience with Sensitive Compartmented Information Facilities (SCIF) and Special Access Program Facilities (SAPF).

Responsibilities

• Provide cybersecurity support per DoDI 8500.01, including assessing and continuously monitoring cybersecurity risk to ensure legacy and new capabilities adhere to enterprise standards such as the Risk Management Framework (RMF), National Institute of Standards and Technology (NIST), and the Authorization Official’s. Information System Continuous Monitoring (ISCM) strategy.
• Ensure all cybersecurity-related documentation is current and accessible to properly authorized individuals.
• Enable effective communication channels among stakeholders from various agencies and teams to foster collaboration and information sharing.
• Support the Program Manager (PM) or Information System Owner (ISO) in maintaining current authorization to operate (ATO), approval to connect (ATC) if required, and implementing corrective actions identified in the Plan of Actions and Milestones (POA&M).
• Coordinate with the PM and Authorization Official (AO) staff in the development of an ISCM strategy and monitor any proposed or actual changes to the system and its environment.
• Continuously monitor systems and their environments for security-relevant events.
• Assess proposed configuration changes for potential impact to the cybersecurity posture.
• Assess the quality of security controls implementation against established performance indicators.
• Ensure cybersecurity-related events or configuration changes that impact the authorization, or adversely affect the security posture, are formally reported to the AO and other stakeholders, such as Information Owners (IOs) and data stewards.
• Ensure all Information System Security Officers (ISSOs) and privileged users receive necessary technical training, obtain required cybersecurity certification, and are formally appointed.

Benefits

• ESOP participation
• 401(k) match and safe-harbor contribution
• medical
• dental
• vision
• life insurance
• short-term disability
• long-term disability
• flexible spending accounts
• Health Saving Accounts and Health Reimbursement Accounts
• EAP
• education assistance
• paid time off
• holidays